[SR-Users] User accounting

Ali Jawad ali.jawad at splendor.net
Thu Sep 6 16:32:43 CEST 2012 

Hi Alex
Thanks again for walking the extra mile and bringing this to my attention,
I did apply your fix. You are a Kamailio gold mine.
Thanks again

On Thu, Sep 6, 2012 at 5:08 PM, Alex Balashov <abalashov at evaristesys.com>wrote:

> No problem!
>
> As always, be mindful of security;  some of the parameters can be easily
> spoofed or manipulated by someone who knows what they're doing.  If you're
> taking their values and throwing them straight into a SQL statement
> unsanitised, these values can form the basis of a SQL injection attack.
>
> This is why the Kamailio route script also offers something called
> transformations, which you can think of essentially as string
> functions/methods that can be applied to any variable.
>
> They are listed here:
>
>    http://www.kamailio.org/**dokuwiki/doku.php/**transformations:3.1.x<http://www.kamailio.org/dokuwiki/doku.php/transformations:3.1.x>
>
> In particular, the transformation that I had in mind for you was:
>
> http://www.kamailio.org/**dokuwiki/doku.php/**transformations:3.1.x#**
> sescapecommon<http://www.kamailio.org/dokuwiki/doku.php/transformations:3.1.x#sescapecommon>
>
> So, when putting, for instance, $ua into the DB, you might consider
> applying the {s.escape.common} transformation to it.  Instead of $ua, use
> $(ua{s.escape.common}).
>
> -- Alex
>
>
> On 09/06/2012 10:04 AM, Ali Jawad wrote:
>
>  Thank you Alex, I got where I need to. Appreciated.
>> Regards
>>
>> On Thu, Sep 6, 2012 at 4:30 PM, Alex Balashov <abalashov at evaristesys.com
>> <mailto:abalashov at evaristesys.**com <abalashov at evaristesys.com>>> wrote:
>>
>>     On 09/06/2012 09:25 AM, Ali Jawad wrote:
>>
>>         How do I get the variables for username,agent and IP.
>>
>>
>>     This information comes from pseudovariables ("PVs"), which are
>>     basically parts of the SIP message that are parsed by Kamailio and
>>     exposed inside the config script environment as read-only (and in a
>>     cases, mutable) variables.
>>
>>     Take a look at the full list here:
>>
>>     http://www.kamailio.org/__**dokuwiki/doku.php/__**
>> pseudovariables:3.1.x<http://www.kamailio.org/__dokuwiki/doku.php/__pseudovariables:3.1.x>
>>
>>     <http://www.kamailio.org/**dokuwiki/doku.php/**pseudovariables:3.1.x<http://www.kamailio.org/dokuwiki/doku.php/pseudovariables:3.1.x>
>> >
>>
>>     The ones you are looking for are:
>>
>>     (1) $au - for authentication username, or $fU for From URI user part.
>>
>>     (2) $ua - user agent identifier, if present.  A good way to check if
>>     it is present is to check for the existence of the User-Agent
>>     header, which is not a mandatory header:
>>
>>         $var(ua) = '';
>>
>>         if(is_present_hf("User-Agent")**__)
>>
>>            $var(ua) = $ua;
>>
>>         # Log $var(ua)...
>>
>>     (3) $si - source IP of the request being processed.
>>
>>
>>     -- Alex
>>
>>     --
>>     Alex Balashov - Principal
>>     Evariste Systems LLC
>>     235 E Ponce de Leon Ave
>>     Suite 106
>>     Decatur, GA 30030
>>     Tel: +1-678-954-0670
>>     Fax: +1-404-961-1892
>>     Web: http://www.evaristesys.com/, http://www.alexbalashov.com/
>>
>>     ______________________________**___________________
>>
>>     SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
>> list
>>     sr-users at lists.sip-router.org <mailto:sr-users at lists.sip-**router.org<sr-users at lists.sip-router.org>
>> >
>>     http://lists.sip-router.org/__**cgi-bin/mailman/listinfo/sr-__**users<http://lists.sip-router.org/__cgi-bin/mailman/listinfo/sr-__users>
>>     <http://lists.sip-router.org/**cgi-bin/mailman/listinfo/sr-**users<http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users>
>> >
>>
>>
>>
>>
>>
>>
>>
>> ______________________________**_________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/**cgi-bin/mailman/listinfo/sr-**users<http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users>
>>
>>
>
> --
> Alex Balashov - Principal
> Evariste Systems LLC
> 235 E Ponce de Leon Ave
> Suite 106
> Decatur, GA 30030
> Tel: +1-678-954-0670
> Fax: +1-404-961-1892
> Web: http://www.evaristesys.com/, http://www.alexbalashov.com/
>
> ______________________________**_________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/**cgi-bin/mailman/listinfo/sr-**users<http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users>
>



-- 
*Ali Jawad
*
*Information Systems Manager
CISSP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA
*
*Splendor Telecom (www.splendor.net)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554

*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20120906/19d3e7da/attachment-0001.htm>

More information about the sr-users mailing list